<?php
if ($password==$row['password']){
    session_start();
    $_SESSION['userinfo']=array(
        'id'=>$row['id'],
        'username'=>$username
    );
    header('Location:user.php');
    die;
}
$error=array();
if(!empty($_POST)){
    $username=isset($_POST['username'])? trim($_POST['username']):'';
    $password=isset($_POST['password'])? $_POST['password']:'';
    require 'check_form.lib.php';
    if (($result=checkUsername($username)) !==true) $error[]=$result;
    if(($result=checkPassword($password))  !==true) $error[]=$result;

    if (!empty($error))
    {     $link=mysqli_connect('localhost','root','');
        if(!$link){
            die('连接数据库失败！'.mysqli_error($link));
        }

        mysqli_query($link,'set names utf8');
        mysqli_query($link,'use`itcast`');
        $username=mysqli_real_escape_string($link,$username);
        $sql="select`id` from `user` where `username`='$username'";
        if($rst=mysqli_query($link,$sql)){
            $row=mysqli_fetch_assoc($rst);
            $password=md5($password);
            if($password==$row['password']){
                die('欢迎登录！');
            }
        }
        $error[]='用户名不存在或密码错误。';
    }
}
require 'login_html.php';
